Port Security Grant Program:
Risk Model, Grant Management, and Effectiveness Measures Could Be Strengthened
GAO-12-47: Published: Nov 17, 2011. Publicly Released: Dec 19, 2011.
From fiscal years 2006 through 2010, the Department of Homeland Security (DHS) has awarded nearly $1.7 billion dollars to port areas through its Port Security Grant Program (PSGP) to protect critical maritime infrastructure and the public from terrorist attacks. The Federal Emergency Management Agency (FEMA)--a DHS component agency--is the agency responsible for distributing grant funds. GAO was asked to evaluate the extent to which DHS has (1) allocated PSGP funds in accordance with risk; (2) encountered challenges in administering the grant program and what actions, if any, DHS has taken to overcome these challenges; and (3) evaluated the effectiveness of the PSGP. To address these objectives, GAO reviewed the PSGP risk model, funding allocation methodology, grant distribution data, and program documents, such as PSGP guidance. Additionally, GAO interviewed DHS and port officials about grant processes, funding distribution, and program challenges, among other things.
In 2010 and 2011, PSGP allocations were based largely on port risk and determined through a combination of a risk analysis model and DHS implementation decisions. DHS uses a risk analysis model to allocate PSGP funding to port areas that includes all three elements of risk--threat, vulnerability, and consequence--and DHS made modifications to enhance the model's vulnerability element for fiscal year 2011. For example, DHS modified the vulnerability equation to recognize that different ports can have different vulnerability levels. However, the vulnerability equation is not responsive to changes in port security--such as the implementation of PSGP-funded security projects. Additionally, the vulnerability equation does not utilize the most precise data available in all cases. DHS addressed prior GAO recommendations for strengthening the vulnerability element of grant risk models, but the PSGP model's vulnerability measure could be further strengthened by incorporating the results of past security investments and by refining other data inputs. FEMA has faced several challenges in distributing PSGP grant funds, and FEMA has implemented specific steps to overcome these challenges. Only about one-quarter of awarded grant funding has been drawn down by grantees, and an additional one-quarter remains unavailable (see table below). Funding is unavailable--meaning that grantees cannot begin using the funds to work on projects--for two main reasons: federal requirements have not been met (such as environmental reviews), or the port area has not yet identified projects to fund with the grant monies. Several challenges contributed to funds being unavailable. For example, DHS was slow to review cost-share waiver requests--requests from grantees to forego the cost-share requirement. Without a more expedited waiver review process, grant applicants that cannot afford the cost-share may not apply for important security projects. Other challenges included managing multiple open grant rounds, complying with program requirements, and using an antiquated grants management system. FEMA has taken steps to address these challenges. For example FEMA and DHS have, among other things, increased staffing levels, introduced project submission time frames, implemented new procedures for environmental reviews, and implemented phase one of a new grants management system. However, it is too soon to determine how successful these efforts will be in improving the distribution of grant funds. FEMA is developing performance measures to assess its administration of the PSGP but it has not implemented measures to assess PSGP grant effectiveness. Although FEMA has taken initial steps to develop measures to assess the effectiveness of its grant programs, it does not have a plan and related milestones for implementing measures specifically for the PSGP. Without such a plan, it may be difficult for FEMA to effectively manage the process of implementing measures to assess whether the PSGP is achieving its stated purpose of strengthening critical maritime infrastructure against risks associated with potential terrorist attacks. GAO recommends that DHS strengthen its methodology for measuring vulnerability in ports by accounting for how past security investments reduce vulnerability and by using the most precise data available. GAO also recommends that DHS evaluate the cost-share waiver review process and take steps to expedite the process where appropriate and develop a plan with milestones for implementing performance measures for the PSGP. DHS concurred with GAO's recommendations.
Recommendations for Executive Action
Status: Closed - Not Implemented
Comments: The Department of Homeland Security (DHS) concurred with our recommendation that it develop a vulnerability index that accounts for how security improvements affect port vulnerability, and incorporate these changes into future iterations of the Port Security Grant Program (PSGP) risk model. DHS stated that although incorporating the effects of completed security projects on vulnerability is complex, it remains a key goal of the PSGP risk methodology and is revisited annually. However, DHS did not provide details regarding its plan to implement this recommendation. FEMA's February 2013 recommendation update noted that the agency remained committed to working with its partners, including USCG, to improve the measure of vulnerability within the PSGP risk methodology by capturing changes in port vulnerability due to the implementation of security enhancements. FEMA officials noted that they had worked with USCG and FEMA's National Preparedness Directorate's (NPD) National Preparedness Assessment Division (NPAD) to review existing assessments of port vulnerability and performance measurement data to determine if they are suitable for inclusion in the PSGP risk formula. However, FEMA officials stated that the ability to incorporate the effects of completed security projects on the vulnerability measure is complex and not currently achievable. In February 2014, FEMA provided an update to this recommendation. In their update, FEMA stated that they have worked with the U.S. Coast Guard (USCG) to determine if the current vulnerability index of the PSGP risk methodology can be enhanced to account for how security improvements can affect port vulnerability. FEMA stated that they have determined this specific enhancement is not achievable for the following reasons: (1) FEMA lacks the resources to annually measure the reduced vulnerability attributed to enhanced PSGP security measures at defined and all other ports, and (2) the MSRAM model was not designed to analyze vulnerability mitigation resulting from port-wide projects that may benefit multiple assets in a port. FEMA concluded by stating that they will continue to use the existing vulnerability measure in PSGP risk methodology, which does represent a measure of the vulnerability of the nation's highest risk port areas. Despite the limitations that FEMA has presented, GAO continues to believe that a better approach is needed to understand how grant funded projects change risk. By not consistently measuring changes in vulnerability attributed to grant projects, FEMA may not be appropriately targeting funding or accurately measuring the progress being made in enhancing port security. This recommendation is closed, not implemented.
Recommendation: To help strengthen the implementation and oversight of the PSGP, to strengthen DHS's methodology for measuring vulnerability in ports, and to improve the precision of grant allocations to high-risk port areas, the Secretary of Homeland Security should direct the FEMA Administrator to develop a vulnerability index that accounts for how security improvements affect port vulnerability, and incorporate these changes into future iterations of the PSGP risk model.
Agency Affected: Department of Homeland Security
Status: Closed - Implemented
Comments: DHS concurred with our recommendation that FEMA coordinate with the Coast Guard to determine the most precise data available to populate the data elements within the vulnerability index and to utilize this data as an interim measure until a revised vulnerability index is developed. Specifically, DHS stated that FEMA will continue to coordinate with subject matter experts, including the Coast Guard, to determine the best data available for use in the vulnerability index. Further, DHS stated that FEMA and the Coast Guard will continue discussions regarding data elements to be used in future grant years, and that these meetings will focus on what data elements are currently available for use as an interim measure while additional enhancements to the vulnerability component are developed. This action should address the intent of the recommendation; however, the recommendation will remain open until such time that FEMA submits documentation to indicate that these meetings have occurred. In February 2013, FEMA provided an update to this recommendation. They noted that in FY12, in consultation with the USCG, FEMA updated its vulnerability component to incorporate not only Foreign Vessel Data but a count of vessels identified as High Interest Vessels (HIV). The High Interest Vessel Program uses a risk-based targeting tool that applies relative ranking based on maritime security concerns to designate non-U.S. vessels as an HIV. USCG provides the extract from the HIV Program on an annual basis for the PSGP risk analysis. Additionally, in FY12, FEMA also coordinated with USCG to discuss more appropriate options for defining PSGP port boundaries to more accurately capture vulnerabilities to ports. After discussion about the limitations of the single-point latitude and longitude port definitions used in previous iterations of the PSGP risk formula, FEMA and USCG decided to implement multiple-point latitude and longitude locations for each eligible PSGP port, derived from the United States Army Corps of Engineers (USACE) Master Docks Plus Public Extract database. This enhancement captures a more accurate measure of the people at risk from an attack on a vessel carrying hazardous materials within the HAZMAT Population data element. Based on these improvements to the model, this recommendation can be closed.
Recommendation: To help strengthen the implementation and oversight of the PSGP, to strengthen DHS's methodology for measuring vulnerability in ports, and to improve the precision of grant allocations to high-risk port areas, the Secretary of Homeland Security should direct the FEMA Administrator to coordinate with the Coast Guard to determine the most precise data available to populate the data elements within the vulnerability index and to utilize these data as an interim measure, until a revised vulnerability index is developed.
Agency Affected: Department of Homeland Security
Status: Closed - Implemented
Comments: On March 2, 2012, the Secretary of the Department of Homeland Security (DHS) signed a delegation to provide the Administrator of the Federal Emergency Management Agency (FEMA) with the authority to approve cost-share adjustments for Port Security Grants pursuant to section 102(a) of the Maritime Transportation Security Act of 2002 (Pub. L. No. 107-295). This action fulfills our recommendation because it resulted in an expedited review process for cost-share waiver requests. We reported that the cost-share waiver approval process in effect at the time of our review required 22 separate steps, a process that took 126 days to complete, on average. As a result of the Secretary delegating approval authority to the FEMA Administrator, 6 of the 22 review steps have been eliminated. This recommendation has been implemented.
Recommendation: To help strengthen the implementation and oversight of the PSGP, and to ensure that waiver requests--including those submitted under previous cost-share years in which money remains unassigned and those that may be submitted in future grant rounds if a cost-share requirement is applied--are evaluated promptly, the FEMA Administrator---in conjunction with the Office of the Secretary of Homeland Security should evaluate the waiver review process to identify sources of delay and take measures to expedite the process.
Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
Status: Closed - Implemented
Comments: DHS concurred with our recommendation that it develop time frames and related milestones for implementing performance measures to monitor the effectiveness of the PSGP. Specifically, DHS stated that FEMA's Grant Programs Directorate was in the process of developing external measures to determine how effective grantees are in managing and administering the grants and that these external measures would be completed by January 1, 2012. Further, DHS stated that FEMA was also developing performance objectives for core capabilities, as required by Presidential Policy Directive 8 and the new National Preparedness Goal, and would be reviewing all prevention and protection measures, including those for PSGP. Finally, DHS stated that FEMA's National Preparedness Directorate planned to work with GPD and the Coast Guard in fiscal year 2012 to develop some specific measures towards building and sustaining capabilities. FEMA provided an update to this recommendation in February 2014. In their update, FEMA stated that in conjunction with the USCG, they have developed management and administrative performance measures to help strengthen the implementation, administration, and oversight of the PSGP. FEMA stated that they annually track these performance measures on award processing, financial and programmatic monitoring, and grant award closeout. Some examples of these measures include (1) percent of preparedness grant awards processed within 120 days; (2)percent of preparedness grant awards monitored programmatically; and (3)Percent of grant funds released to grantees within 270 days. FEMA stated that they have made great strides in the management and administration of PSGP and have increased performance on award processing, and financial and programmatic monitoring since the implementation of the performance measures in 2012. In addition, FEMA commented that they have developed specific measures to track building and sustaining capabilities with PSGP funding. FEMA noted that they began collecting data in 2013 for the measures, "Percent of PSGP funding building new capabilities" and "Percent of PSGP funding sustaining existing capabilities." FEMA stated that they will track these performance measures annually. FEMA's efforts demonstrate a commitment to meeting this recommendation and this recommendation is now closed as implemented.
Recommendation: To help strengthen the implementation and oversight of the PSGP, and to strengthen the administration, oversight, and internal controls of the PSGP, and to streamline processes, the Secretary of Homeland Security should direct the FEMA Administrator to develop---in collaboration with the Coast Guard---time frames and related milestones for implementing performance measures to monitor the effectiveness of the PSGP.
Agency Affected: Department of Homeland Security